npm package-lock.json
Mads Kiilerich
mads at kiilerich.com
Sat Sep 7 20:56:20 UTC 2019
On 9/4/19 9:14 PM, Thomas De Schampheleire wrote:
> The recommendation is thus to commit this file to the repository, but
> I assume it also means we should keep it up-to-date frequently for
> bugfixes.
We already lock package.json at specific versions, so I guess we just as
well also could pin all dependencies.
Alternatively, we could leave package.json with more open ranges,
similar to how we handle pip dependencies.
But let's just keep it simple, commit the lock, and specify which
version we use and test.
/Mads
More information about the kallithea-general
mailing list